Keen to improve your job prospects in the field of cybersecurity? BUI Cloud Security Architect Neil du Plessis highlights the credentials that could give you a competitive advantage.
There’s a high demand for cybersecurity specialists equipped to help organisations defend themselves against cyberattacks. Industry certifications that validate your cybersecurity experience can be a great way to publicise your abilities, increase your earning potential, and boost your career prospects in this field.
Microsoft, the International Information System Security Certification Consortium, Offensive Security, and eLearnSecurity provide some of the most comprehensive cybersecurity certification courses on the market, according to BUI Cloud Security Architect Neil du Plessis.
Microsoft’s cybersecurity training path
Microsoft offers a variety of cybersecurity training options to help you achieve technical certifications that showcase your industry-relevant skills. Du Plessis advises starting with the SC-900 certification to get to grips with the fundamentals of Microsoft’s security, compliance, and identity solutions.
“You’ll gain valuable insights into the relationship between these solutions and how they can be leveraged to ensure end-to-end cybersecurity. After that, you can move on to technology-specific and role-based certifications in security operations, identity and access management, and information protection, in line with what you want to achieve professionally.”
Du Plessis recommends the following order:
- SC-900 | Security, Compliance and Identity Fundamentals, which deals with the fundamentals of effective cybersecurity and gives you an overview of Microsoft’s current security, compliance, and identity management tools and technologies.
- AZ-500 | Azure Security Engineer (Associate), which covers the skills you need to manage an organisation’s overall security posture; identify and remediate vulnerabilities; perform threat modelling; and implement threat protection.
- MS-500 | Microsoft 365 Security Administrator (Associate), which covers the skills required to secure identities and access, implement threat protection, manage information protection, and enforce compliance for Microsoft 365 workloads.
- SC-200 | Security Operations Analyst (Associate), which covers threat management, monitoring, and response with Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and other Microsoft security technologies.
- SC-300 | Identity and Access Administrator (Associate), which prepares you to design, implement, and operate an organisation’s identity and access management systems, and see to the authentication and authorisation of identities for users, devices, and apps.
- SC-400 | Information Protection Administrator (Associate), which equips you to evaluate an organisation’s IT processes and operations against the policies and controls in place to ensure information protection and regulatory compliance.
- SC-100 | Cybersecurity Architect (Expert), which equips you to design security strategies for data, applications, access management, identity and infrastructure, and collaborate with stakeholders on privacy, governance and compliance.
“Microsoft has outlined its own recommended path for individuals looking to specialise in security, compliance, and identity, but I think you can adapt this learning journey to suit your personal outcomes,” says Du Plessis.
Quick Tip | The Microsoft Security, Compliance, and Identity Training and Certifications Guide contains more information about the SC-900, AZ-500, MS-500, SC-400, SC-300, SC-200, and SC-100 certifications, and Microsoft Learn has an extensive collection of free training materials to aid your studies and exam preparation.
Cybersecurity certifications from (ISC)²
The International Information System Security Certification Consortium – or (ISC)² – offers technology professionals a range of information security certifications. (ISC)² certifications are recognised globally and deal with everything from security administration to operations and management. These are the four that Du Plessis suggests:
Certified in Cybersecurity (CC) is an entry-level certification aimed at graduates, beginners, and novice practitioners in the field. “It’s designed to give you the foundational knowledge required to start a career in cybersecurity,” says Du Plessis. “If you’re new to the industry or perhaps changing your job focus, this could be the first rung on the ladder as you develop your skills.”
Systems Security Certified Practitioner (SSCP) is a credential that proves your ability to implement, monitor, and manage IT systems and infrastructure securely. “It’s a way to demonstrate your holistic understanding of the best practices, accepted policies, and international standards regarding security operations,” says Du Plessis. The SSCP certificate is a popular choice among experienced systems administrators, systems analysts, and systems engineers.
Certified Cloud Security Professional (CCSP) is best suited for information security leaders with experience in cloud security architecture, design, operations and orchestration. “With the CCSP certification behind your name, prospective employers will know that you have advanced capabilities when it comes to protecting critical cloud assets,” says Du Plessis.
Certified Information Systems Security Professional (CISSP) is widely regarded as the globe’s premier cybersecurity certification. “But it doesn’t come easy,” notes Du Plessis. “CISSP certification requires a substantial investment of both time and money. There’s a staggering volume of course information to get through, but the reward is well worth it. Plus, the credential itself can open new doors for you.”
In the United Kingdom, the CISSP certification is comparable to Level 7 of the Regulated Qualifications Framework. And in South Africa, many universities will accept CISSP as recognition of prior learning if you pursue a postgraduate study programme (to achieve an Honours degree, for example).
(ISC)² offers several other certifications, but Du Plessis cautions that they’re geared toward professionals in particular disciplines or industries. “If your focus area is governance and compliance, or risk management, then Certified Authorisation Professional (CAP) may be a good path to explore. But if your responsibilities include protecting sensitive patient data and medical records, then becoming a Healthcare Information Security and Privacy Practitioner (HCISPP) might make more sense.”
Quick Tip | The (ISC)² Cybersecurity Qualification Pathfinder tool can help you decide which certifications match your current and future career goals.
Niche credentials for specialised jobs in cybersecurity
Penetration testing and digital forensic investigation are highly specialised fields that require cybersecurity pros to expand their practical, technical, and analytical capabilities. “For those with the necessary credentials in these niches, there’s certainly no shortage of work,” remarks Du Plessis. “At BUI, our penetration testers are booked months in advance. And worldwide, there’s a growing demand for forensic experts who can help organisations uncover evidence of cybercrime.”
The OSCP (Offensive Security Certified Professional) course presented by Offensive Security is considered far more technical than other ethical-hacking qualifications on the market. “It’s also one of the few cybersecurity certifications that requires students to prove their practical skills in a test environment,” adds Du Plessis. “The combination of hands-on training and real-world simulation is hugely beneficial.”
The certifications offered by eLearnSecurity are also worth looking into – especially if you want to narrow your focus by specialising in penetration testing for web or mobile applications, says Du Plessis. The eLearnSecurity Certified Professional Penetration Tester (eCPPT) credential is recognised on all seven continents, and the Web Application Penetration Tester eXtreme (eWPTX) and Mobile Application Penetration Tester (eMAPT) certifications are respected in IT circles.
The eLearnSecurity Certified Digital Forensics Professional (eCDFP) accreditation is designed for senior technologists with existing cybersecurity knowledge. It focuses on the processes and methodologies used in modern digital forensics investigations.
These cybersecurity certifications are just a starting point. It’s always a good idea to do additional research to see what fits best for you. “Keep an eye on cybersecurity news sites, group forums, and social media, too,” advises Du Plessis. “The security industry is evolving rapidly. If you’re in the loop, then you’ll be able to update your skills accordingly with the right certifications.”
Join our global team of extraordinary technologists.
Bring your talents, skills, and unique perspectives to a collaborative community of technology professionals.
We’re always excited to grow the BUI community! Take a look at our current vacancies, listed on our career portal.